Threat actors are continuing to exploit a critical,
now-patched security flaw impacting FortiClient Endpoint Management
Server (EMS) deployments to deliver credential-stealing malware.
"The campaign abused trusted endpoint management infrastructure to
deliver malware across managed endpoints," Arctic Wolf said.
"Threat actors disguised the credential stealer payload as a
Fortinet endpoint
Read more https://thehackernews.com/2026/05/threat-actors-exploit-critical.html
